One feature of the Symantec Management Agent is to report the primary user for client computers. In some situations, root is reported for a Mac, even when root is disabled from logging in. (see HOWTO95262).

Resolution:

Symantec Management Agent reviews the operating system logs to determine primary user usage. Even when root is disabled from logging in, the system performs some processes as root, which show up in the logs. This can cause root to have more time than a normal user.

There is a setting to ignore local user accounts for Mac, and only report Domain Users. This scenario only applies when a Mac is joined to a domain, and domain accounts are used for logging in.

To enable this setting in the Symantec Management Console:

Go to Settings > Agent/Plug-ins > Targeted Agent Settings

Select the policy that applies to Mac computers. The default is "All Linux/Mac Workstations"

Select the UNIX/Linux/Mac tab

Select "Report only AD users as primary"

Save the policy

The next time Mac clients update their configuration settings, they will start reporting only Primary Users that belong to the domain. This can still take time, as Primary User information is based on a rolling 28 day period.